FBI chief rekindles debate over unbreakable encryption

The cat and mouse game of security versus privacy continues as FBI Director Christopher Wray calls out unbreakable encryption as an "urgent public safety issue."

Throughout the past year, the FBI took possession of thousands of electronic devices. Approximately 7,800 devices were deemed impenetrable due to modern encryption techniques. Even though the FBI had the legal right to attempt forced entry into devices under their control, improved safeguards proved to be working exactly as intended.

At the heart of the debate over compromising security in favor of public protection remains the fact that anyone could potentially take advantage of a backdoor. There is no way to guarantee that weaknesses in encryption would only be discovered and used by law enforcement agencies.

Fortunately, Wray recognizes there is no simple solution to encryption. From a technical standpoint, Wray believes there is still a way to offer security without preventing law enforcement from gaining access. "I just do not buy the claim that it is impossible," stated Wray.

Security experts and industry professionals tend to disagree. Any means of accessing protected information without holding the original encryption key and proper credentials can be seen as a serious design flaw in any algorithm.

Encryption methods may have prevented US officials from gaining access to a large number of electronic devices but that does not mean security methods have been perfected. Most famously, the San Bernardino iPhone was cracked for an undisclosed sum of money by a private firm. What goes on behind closed doors is impossible to even begin to speculate on. All that is known for sure is that with enough time and money, most systems will be broken.

For now, US lawmakers have been unwilling to force technology companies to offer access to government agencies. In the best interests of proper security, no organization should have the ability to circumvent encryption algorithms. Whether that is the right move for public protection or not is open to debate.

"FBI took possession of thousands of electronic devices. Approximately 7,800 devices were deemed impenetrable" Um, what kind of percentage are we talking here? Just one zero to the right of the decimal.. or many?

It would be equally interesting to see statistics on how often the FBI has abused their authority in the name of "national security". After all, they have completely lost control over classification of documents to the point they are no longer trusted. One can only wonder what else they have their fingers into where they don't belong without the proper Court permissions and documents.

These guys sound like kids who just can't accept that they can't have their cake and eat it too.

edit: for those that don't understand this English idiom, it means (in this context) that secure encryption and encryption with law enforcement access are mutually incompatible. You can have one or the other, but not both.

Even if lawmakers forced companies into creating back doors in their encryptions, the open software community would just create new, open-sourced and secure encryption methods (and gain wide usage among the public that cares about encryption) - then the FBI would really be out of luck.

If it's ok to do this with data shouldn't we be able to do this to our house, car, self as well?

Click to expand...

To a point, we can. In the US, without a warrant or 'hot pursuit' of an active criminal suspect, police are not permitted to break into our homes or cars and search them. Nor can they search our persons without our permission - unless they charge us with a crime and take us into custody.

Authorities have their ways of getting around or past these restrictions, such as using dogs to sniff out drugs to generate probable cause for an arrest and a search. Or using undercover operatives. Or relying on cameras in public places to detect crimes. Or relying on informants. Or using stings. Or capturing the vast flow of unencrypted information on the net and fishing for evidence of crimes. Or DNA tracking of criminals (and non-criminals, for that matter), wiretapping under court order, sharing information across various agencies and departments, testimony from witnesses, acquiring tax records... the tools in the hands of the authorities are large and potent.

Historically, encryption in correspondence is nothing new, and it was just as frustrating for police when they ran up against it. Encryption has been used for hundreds of years between persons wishing to keep their communications private from authorities. And not all of them were criminals, either.

Crimes don't exist solely on hard drives. They start in the mind and continue through actions of the criminal. There are almost unlimited ways to detect and prosecute criminal actions that aren't impeded at all by encryption.

The FBI's desire for back doors from tech giants is a bad idea, not only because it would serve up vulnerable data to others besides law enforcement, but also because they can't force the rest of the world to adopt the same standards. *Someone* will provide strong encrypted services, and you can be sure that serious criminals will seek out that level of security - and journalists, and corporations, and ordinary citizens, too. Users desire that level of security for their data, and if we require US providers to weaken their encryption, the economic loss to the US will be large. People will acquire their services elsewhere.

The encryption genie never was in a bottle; trying to force it into one now is just stupid.

To a point, we can. In the US, without a warrant or 'hot pursuit' of an active criminal suspect, police are not permitted to break into our homes or cars and search them. Nor can they search our persons without our permission - unless they charge us with a crime and take us into custody.

Click to expand...

Sorry if I wasn't clear. I think most here know the law regarding probable cause, right to enter, detain etc... None of that matters with encrypted data. My point being, if we can keep them out of our data why shouldn't we be able to setup a defense to keep them out of anything? They can take your data storage but if you won't give them the key, they are out of luck. So is protecting anything else to that level wrong? For instance it would be very difficult to make your house virtually impenetrable, but no impossible. Should even attempting that be legal?

Sorry if I wasn't clear. I think most here know the law regarding probable cause, right to enter, detain etc... None of that matters with encrypted data. My point being, if we can keep them out of our data why shouldn't we be able to setup a defense to keep them out of anything? They can take your data storage but if you won't give them the key, they are out of luck. So is protecting anything else to that level wrong? For instance it would be very difficult to make your house virtually impenetrable, but no impossible. Should even attempting that be legal?

Click to expand...

It's not impossible to make your house virtually impenetrable? In what universe?

Physical access to any facility is literally impossible to prevent. Materials all have weaknesses. Locks and security doors and walls aren't designed to prevent access; they *can't* be designed to prevent access. They're only designed to *slow down* access.

What the FBI is arguing is that encryption should inconvenience them no more than locks or security doors do in the real world. Which isn't much of an inconvenience at all.

But why?

Encryption has been around for hundreds of years - more, actually. It was *always* inconvenient for authorities. Most people didn't use it, but then, most people weren't vulnerable to credit card fraud or identity theft until the internet came along. Now those threats to the general public are huge.

Now we *all* have a desperate need to secure our bank accounts and identities so criminals can't exploit us.

Experts are telling us that weak encryption with built-in back doors can't do that job effectively.

The FBI is telling us that effective encryption scares them. Yeah, of course it does. It scares everyone who wants to get at your data. Unlike security measures intended to slow down physical access to a building or car, effective encryption is *effective.*

But encrypted data alone doesn't close off all avenues of attack the authorities can bring to bear against a criminal suspect. Far, far from it. We need to keep that in mind when the FBI complains about not being able to instantly view any data on anything they like.

And we also need to remember: the genie isn't in the bottle and never was. Anyone can encrypt, and you don't have to use Google or Microsoft or Apple to do it. Crippling companies' encryption won't shut down encryption; it'll just move it. The methods are in the public domain, and there's no way to rip it out of that domain and prevent people from using it.

It's not impossible to make your house virtually impenetrable? In what universe?

Click to expand...

This one, I think.

I could setup a defense that would make it virtually impossible for local law enforcement to penetrate with typical law enforcement equipment. The same at the county and state level, pretty much. Sure, it would be very difficult to build a defense against the bunker buster for instance, but the chance of anyone dropping one on my house is ever so slight and that is why I used the word virtually. For instance, it would not have taken much for David Koresh and his crew to dig a pit around their church that the little tank could not have crossed. That might not be the best example, but it wouldn't be hard to build a defense that would be very difficult and costly to penetrate, not technically or monetarily, but politically or ethically.

FBI can't read our minds - it is a public safety issue.
So they can stop our minds from working with help of pharma produced pills.
Or develop a way of reading our minds.
"I don't mind (sorry, pun) that because I've got nothing to hide .......

Modern flat Earth societies consist of individuals who promote the idea that the Earth is flat rather than an oblate spheroid. Such groups date from the middle of the 20th century; some adherents are serious and some are not. Those who are serious are often motivated by pseudoscience or religious literalism.[3]

In the modern era, through the use of social media, flat Earth theories have been increasingly espoused by individuals unaffiliated with larger groups, many of which have members around the world.[4][5]​